To evade eavesdropping or spyware attacks in a network environment, applications typically make use of encryption between endpoints of the network, or other security protocols, such as HTTPS, when information is transmitted over the network, and in particular over the Internet. Apart from the security features embedded or used by applications, a process of educating users of computers has resulted in users being aware of the importance of keeping sensitive information safe.
Notwithstanding the security measures used by applications and the care taken by users to protect sensitive data, it is well known that information is inherently insecure between a user and an application used by the user. As applications typically do not protect the data when it is being entered in the application through user interfaces, the information may be particularly susceptible to interception and eavesdropping during this stage.
This security risk is exacerbated as the user would typically be under the impression that a secure application is being used and that the data is accordingly protected, while the application may guarantee that sensitive user data will be securely handled at all times.
Information being entered into an application through user interfaces is vulnerable due to the interaction between different computer components, described in more detail with reference to FIG. 1. Typically a user 10 enters data through an input device such as a keyboard 14. Every time the user presses a key, the keyboard 14 notifies the operating system 16 of the computer of the key-press. In doing this, the keyboard 14 generates an interrupt signal which the CPU 16 captures and passes to an interrupt handler routine 18 and device driver 20 for handling, with the device driver 20 detecting what happened on the keyboard 14. Lastly, the operating system 16 sends the input device event to an active application 22, which will take the appropriate action, e.g. typing a letter forming part of a username or password.
As the device driver 20 does not form part of the operating system 16, but is installed separately to make the keyboard 14 work, the operating system 16 has a provision to associate a device driver 20 with the keyboard 14. Whenever any action or event is detected on the keyboard 14, the operating system 16 will assign the action or event to the device driver 20 to handle it.
It is this association between the operating system 16, the device driver 20 and the keyboard 14 that makes the process of entering data susceptible to capture by malicious programs.
For example, a user's input is vulnerable to keystroke logging that captures a user's keystrokes, typically to obtain passwords or other sensitive data, thereby bypassing security measures of a system.
The operation of keystroke loggers may include logging everything typed by a user, logging the time when typed and the application where the data was entered. The data is typically logged into a protected file the user cannot see. Also, the keystroke loggers may log information that is stored on a clipboard, e.g. copy-paste information, and may further log mouse clicks and items selected on the GUI.
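As an added illustration that is not part of the original text, the following Python example shows a defender's check for the exposure described above: it lists every process that holds an input event device open and flags those not expected to read keystrokes. It assumes a Linux host with `/proc` and `/dev/input/` (the text names no operating system); the allowlist entries and the `proc_root` parameter are hypothetical.

```python
import os

INPUT_PREFIX = "/dev/input/"  # assumption: Linux evdev device nodes
# Hypothetical allowlist of programs expected to read input devices; tune per host.
EXPECTED_READERS = {"Xorg", "systemd-logind", "gnome-shell"}

def input_device_readers(proc_root="/proc"):
    """Return sorted (pid, comm, device) for each process with an input device open."""
    findings = set()
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # only numeric directories are processes
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:
            continue  # process exited, or we lack permission to inspect it
        try:
            with open(os.path.join(proc_root, entry, "comm")) as fh:
                comm = fh.read().strip()
        except OSError:
            comm = "?"
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue  # descriptor closed between listing and readlink
            if target.startswith(INPUT_PREFIX):
                findings.add((int(entry), comm, target))
    return sorted(findings)

def unexpected_readers(findings, expected=EXPECTED_READERS):
    """Keep only findings whose process name is not on the allowlist."""
    return [f for f in findings if f[1] not in expected]

if __name__ == "__main__":
    # Run as root to see the descriptors of every process.
    for pid, comm, dev in unexpected_readers(input_device_readers()):
        print(f"{pid}\t{comm}\t{dev}")
```

A process can choose its own `comm` name, so the allowlist is a triage aid and each hit should be confirmed against the executable path. A logger installed as a device driver or kernel module, the layer the text describes, holds no such descriptor and will not appear in this listing.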